<?php
		include('login_functions.php'); // all the functions for login page <name could be changed>

		$button = $_POST['button'];
		switch($button){
		/*
		 * Sanitize $_POST into itself and use it as a parameter for
		 * isLoggable() and register() functions.
		 */
			case "Login":
				$_POST['login_username'] = filter_input(INPUT_POST, 'login_username', FILTER_SANITIZE_STRING);
				$_POST['login_password'] = filter_input(INPUT_POST, 'login_password', FILTER_SANITIZE_STRING);
				
				echo isLoggable($_POST); 	/* returns the response from the	*
											 * attempt to log in				*/
				break;
			case "Sign Up": 
				$_POST['sign_name'] = filter_input(INPUT_POST, 'sign_name', FILTER_SANITIZE_STRING);
				$_POST['sign_surname'] = filter_input(	INPUT_POST, 'sign_surname', FILTER_SANITIZE_STRING);
				$_POST['sign_email'] = filter_input(INPUT_POST, 'sign_email', FILTER_SANITIZE_EMAIL);
				$_POST['sign_username'] = filter_input(INPUT_POST, 'sign_username', FILTER_SANITIZE_STRING);
				$_POST['sign_password'] = filter_input(INPUT_POST, 'sign_password', FILTER_SANITIZE_STRING);
				echo register($_POST);
				break;
			case "Logout":
				session_start();
				session_unset();
				session_destroy();
				echo 'true';
				break;		
		}
		
		
		
		
		
		
		
		
		
		
		
		
		/*
		!-!-!-!-!-!-!-!-!-!-!-!-!- SAFETY BACKUP -!-!-!-!-!-!-!-!-!-!-!-!-!-!-!-!-!-!-
		if($_POST['button'] == "Login")
		{
		 	$lUsername = filter_input(INPUT_POST, 'login_username', FILTER_SANITIZE_STRING);
			$lPassword = filter_input(INPUT_POST, 'login_password', FILTER_SANITIZE_STRING);
			
			$lPassword = sha1($lPassword);
		     
		 	$query = "SELECT * FROM users WHERE username = :u AND password = :p AND confirmed = 1";
		 	$statement = $db->prepare($query);
		 	$statement->bindValue(':u',$lUsername);
		 	$statement->bindValue(':p',$lPassword);
		 	$statement->execute();
		
			$rowCount = $statement->rowCount();
			$statement ->closeCursor();
			
				
			if ($rowCount == 1) {
		              // if there is a row in the database, they can enter the site
		              echo 'true';
		 	}
			else {
		        	// if unable to enter, bring back the login page
		        	//Define error message
		        	$query = "SELECT * FROM users WHERE username = :u AND password = :p";
			 	$statement = $db->prepare($query);
			 	$statement->bindValue(':u',$lUsername);
			 	$statement->bindValue(':p',$lPassword);
			 	$statement->execute();
			 	
			 	$rowCount = $statement->rowCount();
				$statement ->closeCursor();
				
				if($rowCount == 1)
				{
					$login_error = 'Your account is not confirmed';
				}
				else
				{
					$query = "SELECT * FROM users WHERE username = :u";
				 	$statement = $db->prepare($query);
				 	$statement->bindValue(':u',$lUsername);
				 	$statement->execute();
				 	
				 	$rowCount = $statement->rowCount();
					$statement ->closeCursor();
					
					if($rowCount == 1){
						$login_error = 'Incorrect password.';
					}
					else{
						$login_error = "This username doesn't exists.";
					}
				}
				echo '<span id=\'login_error\'>'.$login_error.'</span>';
			}
		}
		if($_POST['button'] == "Sign Up")
		{
			$sign_name = filter_input(INPUT_POST, 'sign_name', FILTER_SANITIZE_STRING);
			$sign_surname = filter_input(INPUT_POST, 'sign_surname', FILTER_SANITIZE_STRING);
			$sign_email = filter_input(INPUT_POST, 'sign_email', FILTER_SANITIZE_STRING);
			$sign_username = filter_input(INPUT_POST, 'sign_username', FILTER_SANITIZE_STRING);
			$sign_password = filter_input(INPUT_POST, 'sign_password', FILTER_SANITIZE_STRING);
		
					
			if(!empty($sign_username)){
				$query = "SELECT * FROM  `users` WHERE username =  :u OR email =  :e";
				$statement = $db->prepare($query);
			 	$statement->bindValue(':u',$sign_username);
			 	$statement->bindValue(':e',$sign_email);
				$statement->execute();
		
				$rowCount = $statement->rowCount();
				$statement ->closeCursor();
		      
		     
				if ($rowCount == 1) {
		                	// if there is a row in the database, they can not sign up
		                	$query = "SELECT * FROM users WHERE username = :u";
					$statement = $db -> prepare($query);
					$statement -> bindValue(':u',,$sign_username);
					$statement -> execute();
					$rows = $statement -> rowCount();
					$statement -> closeCursor();
					
					if ($rows == 1) {
						$signup_error = 'Username is already taken.  Please choose another.';
					}
					else {
						$signup_error = 'This email already has an account with us.  Please use another email.';
					}
		      		}
		      		else {
		              
		        		$query = "INSERT INTO users (name, surname, email, username,password) VALUES(:sName, :sSurname, :sEmail, :sUsername, :sPsw)";
		
				        $statement = $db->prepare($query);
				        $statement->bindValue(':sName', $sign_name);
				        $statement->bindValue(':sSurname', $sign_surname);
				        $statement->bindValue(':sEmail', $sign_email);
				        $statement->bindValue(':sUsername', $sign_username);
				       	$sign_password = sha1($sign_password); //Password Encrypt
				        $statement->bindValue(':sPsw', $sign_password);
				        
				        $statement->execute();
				      
				        $statement->closeCursor();
				        
				        header('Location: ../index.php');
			      }
			      echo '<span id=\'signup_error\'>'.$signup_error.'</span>';
		
		    }
		    else{
		      $signup_error = 'There is something wrong with your.';
		      echo '<span id=\'signup_error\'>'.$signup_error.'</span>';
		    }
		}
		*/
		?>